PRIVACY POLICYThe Hattori Foundation/1901 Arts Club is committed to upholding the Data Protection principles of good practice. Protecting your privacy is important to us and we strive to keep all information relating to you confidential in accordance with this statement and the law. As part of the normal operation of our services you may voluntarily provide us with information about yourself. The purpose of this Privacy Policy is to explain what personal data we collect about you, how that personal data might be used and how we protect your personal data and privacy.
|
About this policy
This policy explains when and why we collect personal information, how we use it and how we keep it secure and your rights in relation to it.
We may collect, use and store your personal data, as described in this Privacy Policy.
We may amend this Privacy Policy from time to time without prior notice. If we make any significant changes to the way we treat your personal information we will make this clear on the 1901 Arts Club (190artsclub.com) and the Hattori Foundation (hattorifoundation.org.uk) websites or by contacting you directly.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk).
We may collect, use and store your personal data, as described in this Privacy Policy.
We may amend this Privacy Policy from time to time without prior notice. If we make any significant changes to the way we treat your personal information we will make this clear on the 1901 Arts Club (190artsclub.com) and the Hattori Foundation (hattorifoundation.org.uk) websites or by contacting you directly.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk).
Who are we?
We are the Hattori Foundation, a UK registered charity. 1901 Arts Club is a licensed event space we operate as part of our charitable activities. It is also the name of the building from which we operate.
For the purposes of the GDPR, we will be the “Data Controller” of all personal data we hold about you.
We can be contacted via the following methods:
Address: C/o 1901 Arts Club, 7 Exton Street, Waterloo, London SE1 8UE, United Kingdom
Telephone: +44 (0)20 7620 3055
Email: [email protected]
For the purposes of the GDPR, we will be the “Data Controller” of all personal data we hold about you.
We can be contacted via the following methods:
Address: C/o 1901 Arts Club, 7 Exton Street, Waterloo, London SE1 8UE, United Kingdom
Telephone: +44 (0)20 7620 3055
Email: [email protected]
How we collect your data
If you supply personally identifiable data to us, we remain responsible for that data, always. We collect it in the following ways:
- When you purchase a ticket, or add your name to our mailing list directly. Whether in person, or over the telephone, when you reserve tickets we will collect and store information about you.
- When we collect information as you use our website or applications. Our website, like most others, uses “cookies” to make it more usable. A cookie is a small text file containing information about how you arrived at a website, the pages you may have visited or information about your device. We use them to help design our website to make sure you find easily the information you are looking for. The emails we send out may also use tracking pixel to record if the email is opened and links followed.
- Social media - according to your settings for social networks and messaging services like Facebook, Instagram or Twitter, you might give us permission to access some of your information from those services.
- When you apply for a Hattori Foundation award. The information you supply is required to determine your identity and eligibility for the award applied for and may in the case of a successful application include bank account details to enable the payment the award granted.
What information we collect
If you purchase a ticket to attend a concert or add your details to our mailing list we will usually collect name, address, telephone number and email address.
The information you supply when applying for a Hattori Foundation Award will also include your date of birth, nationality, qualifications and personal references. These details are required to determine your identity and eligibility for the award applied for. In the case of a successful application we would also collect your bank account details to enable the payment of the award granted.
Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from us, is outlined in the “Your rights” section below.
The information you supply when applying for a Hattori Foundation Award will also include your date of birth, nationality, qualifications and personal references. These details are required to determine your identity and eligibility for the award applied for. In the case of a successful application we would also collect your bank account details to enable the payment of the award granted.
Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from us, is outlined in the “Your rights” section below.
How we protect your personal data
We take every precaution to protect your information. To this end all personal information stored by us is kept on a server in a secure environment (off-site).
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.
We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
We use reputable software platforms for our communications.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.
We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
We use reputable software platforms for our communications.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Who else has access to the information you provide us?
Employees of Hattori Foundation/1901 Arts Club with a valid necessity to access/process your personal data.
Our selected Data Processors like Ticketsource (online box office), and Mailchimp (email newsletter platform) who need the information to perform a specific function are granted access to personally identifiable information.
Ticketsource may share your personal data with processing partners such as Merchant Service Providers or Email/Text Service Providers who are contracted to assist Ticketsource with the booking of your tickets. As we are responsible for our Data Processor Ticketsource, Ticketsource is responsible under GDPR to ensure that any sub-processor they contract is fully compliant with GDPR law and will act to ensure the safety of your personal data. In some cases, such as online purchases, you will provide debit or credit card details to our Data Processor (Ticketsource) and we as Data Controller will never have access to that information.
We will never sell your personal data nor share your personal data with any third parties without your prior consent (which you are free to withhold) except:
If you choose to interact with one of our pages on a social network, such as Facebook or Twitter, that interaction may result in personal data being shared with us by the social network operating under its own legal contract with yourself.
Other websites. Our website and newsletters may contain links to other websites (for example, promoters’ or artists’ sites, social media). You should review the Privacy Policy of other sites before following these links.
Our selected Data Processors like Ticketsource (online box office), and Mailchimp (email newsletter platform) who need the information to perform a specific function are granted access to personally identifiable information.
Ticketsource may share your personal data with processing partners such as Merchant Service Providers or Email/Text Service Providers who are contracted to assist Ticketsource with the booking of your tickets. As we are responsible for our Data Processor Ticketsource, Ticketsource is responsible under GDPR to ensure that any sub-processor they contract is fully compliant with GDPR law and will act to ensure the safety of your personal data. In some cases, such as online purchases, you will provide debit or credit card details to our Data Processor (Ticketsource) and we as Data Controller will never have access to that information.
We will never sell your personal data nor share your personal data with any third parties without your prior consent (which you are free to withhold) except:
- Where we are required to by law
- When we have first asked, and been given, your permission to do so
If you choose to interact with one of our pages on a social network, such as Facebook or Twitter, that interaction may result in personal data being shared with us by the social network operating under its own legal contract with yourself.
Other websites. Our website and newsletters may contain links to other websites (for example, promoters’ or artists’ sites, social media). You should review the Privacy Policy of other sites before following these links.
Transferring and sharing data
Operational
In order to perform some of our day to day operations, personal data is sometimes securely transferred to and subsequently processed by external companies. Where external companies process your personal data (for example email addresses, to send out emails on our behalf), we ensure that proper controls are in place regarding how those companies manage the personal data they collect or have access to.
If one of these companies runs their operations outside the European Economic Area (EEA), although they may not be subject to same data protection laws as a company based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by requesting and checking their data policies and associated documents and checking for an adequacy decision between the EEA and that company’s country of origin. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
For example, our marketing emails are dispatched by a company in the US. That company has provided documentation to prove that they are compliant with the data protection framework built to cover data sharing between the EU and the US (called the EU-US Privacy Shield). An adequacy decision is in place for the EU-US Privacy Shield, so that company is recognised by the European Commission as providing adequate protection for your data.
Legal
We may need to pass your details, if required, to the police, regulatory bodies or legal advisors.
In order to perform some of our day to day operations, personal data is sometimes securely transferred to and subsequently processed by external companies. Where external companies process your personal data (for example email addresses, to send out emails on our behalf), we ensure that proper controls are in place regarding how those companies manage the personal data they collect or have access to.
If one of these companies runs their operations outside the European Economic Area (EEA), although they may not be subject to same data protection laws as a company based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by requesting and checking their data policies and associated documents and checking for an adequacy decision between the EEA and that company’s country of origin. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
For example, our marketing emails are dispatched by a company in the US. That company has provided documentation to prove that they are compliant with the data protection framework built to cover data sharing between the EU and the US (called the EU-US Privacy Shield). An adequacy decision is in place for the EU-US Privacy Shield, so that company is recognised by the European Commission as providing adequate protection for your data.
Legal
We may need to pass your details, if required, to the police, regulatory bodies or legal advisors.
Keeping your information up to date
We appreciate your help in keeping us informed of changes to your contact details.
How long do we keep your information?
We will hold your personal data on our systems for no longer than reasonably necessary to carry out the activities for which you gave us the personal data, or until you choose to unsubscribe or until we no longer have a legal basis for holding your personal data.
Ticketsource will delete your personal data after one year.
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.
Ticketsource will delete your personal data after one year.
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.
Your rights
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal data held by us, please contact the Data Controller using the contact details listed below. We will provide this information within one month or let you know if there is a reason why that deadline cannot be met. If there are any discrepancies in the information we provide, please let us know and we will correct them.
Under GDPR you have the following rights:
For further information see the Information Commissioner’s guidance.
Under GDPR you have the following rights:
- Right to be informed of why your data is being processed (included within this Data Privacy Policy)
- Right of access to the Personal Data held
- Right of rectification if incorrect data is held
- Right to erasure (may be subject to the booking contract and retention periods)
- Right to object to processing
For further information see the Information Commissioner’s guidance.
Contact detail
To exercise any relevant rights, queries or complaints regarding the handling of your Personal Data, please contact:
Data Controller
Hattori Foundation
1901 Arts Club
7 Exton Street
London SE1 8UE
Email: [email protected]
If you want to access your information, send a description of the information you want to see and proof of your identity by post to Hattori Foundation, 1901 Arts Club. We do not accept these requests by email and we may contact you directly for confirmation of the request before providing any information. This extra confirmation is in place to safeguard against identity fraud.
Data Controller
Hattori Foundation
1901 Arts Club
7 Exton Street
London SE1 8UE
Email: [email protected]
If you want to access your information, send a description of the information you want to see and proof of your identity by post to Hattori Foundation, 1901 Arts Club. We do not accept these requests by email and we may contact you directly for confirmation of the request before providing any information. This extra confirmation is in place to safeguard against identity fraud.
Complaints
If you are unhappy with the way in which your personal data has been collected, stored or processed please contact the Data Controller using the contact details above.
If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted by telephone on 0303 123 1113 or via their online notification system at www.ico.org.uk/concerns.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted by telephone on 0303 123 1113 or via their online notification system at www.ico.org.uk/concerns.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.